Nemucod Ransomware-as-a-Service Now Distributes Cerber Ransomware!


Cerber was first noticed in the first quarter of 2016, and it has spread rapidly since then with the help of Ransomware-as-a-Service (RaaS). Recently, Microsoft reported that Cerber holds the top position among ransomware families, infecting thousands of systems around the world every day!

And it seems Cerber isn't going to stop any time soon, as Nemucod Ransomware-as-a-Service appears to be yet another RaaS distributing Cerber. According to the Cyren blog, this might be a newer version of Cerber, or it might be freshly released through RaaS. Nemucod is a popular malware distribution tool that has already been used in the past to distribute ransomware.

Nemucod Ransomware-as-a-service for Cerber Distribution

Ransomware is distributed around the world in various ways. Nemucod seems to suit Cerber well, as it is a well-known malware distribution tool. Once the user installs the Cerber exe file, the following note appears on the victim's PC.

Cerber Ransomware Message on PC

According to Cyren blog, “The attack is based primarily on email messages with zipped JavaScript attachments with filenames conforming to “DOC{10 digit}-PDF.js” and various invoice-related subjects.”
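A mail-gateway style check for the attachment pattern Cyren describes, as an added example (not code from Cyren or from this blog). The function names, the extra script-extension list and the constructed sample message are assumptions made for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Filename pattern quoted by Cyren: "DOC" + 10 digits + "-PDF.js"
NEMUCOD_NAME = re.compile(r"^DOC\d{10}-PDF\.js$", re.IGNORECASE)
# Assumption (not from the page): script types not expected in an invoice zip.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")


def scan_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member, reason) pairs for suspicious entries in a zip archive."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable-zip")]
    findings = []
    for info in archive.infolist():
        base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
        if NEMUCOD_NAME.match(base):
            findings.append((info.filename, "nemucod-filename-pattern"))
        elif base.lower().endswith(SCRIPT_EXTS):
            findings.append((info.filename, "script-in-archive"))
    return findings


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Walk a raw RFC 5322 message and scan every zip attachment."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload and (name.lower().endswith(".zip") or payload[:2] == b"PK"):
            findings.extend(scan_zip(payload))
    return findings


def build_sample(member: str) -> bytes:
    """Constructed test message: one zip attachment holding a harmless stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, "// constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

A gateway would quarantine any message for which `scan_message` returns a non-empty list; the exact filename rule catches this campaign, while the broader script-in-archive rule still fires if the naming scheme changes.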

Cyren detected two major variants of Nemucod in its research: JS/Nemucod.GE!Eldorado and JS/Nemucod.ED1!Eldorado. Nemucod is also said to be responsible for distributing the second most dangerous ransomware, Locky!

The JS/Nemucod.GE!Eldorado code is shown in the image below.

JS/Nemucod.GE!Eldorado

The JS/Nemucod.ED1!Eldorado code that affects your system is shown below.

From this, it is quite clear that Nemucod Ransomware-as-a-Service will be dangerous if it spreads fresh Cerber ransomware around the world. It is difficult to say how long this RaaS will continue, but if it continues for even 1 or 2 months, Cerber might top the ransomware family charts forever!

We will keep you updated as more details come in! Till then, keep an eye on Ransomwares.Net and do spread the word on Facebook & Twitter!

7 Comments

  1. Kembe says

    Cerber Ransomware hit me. Extension file name is .934e, what can I use to decrypt my files? Already got rid of the virus.

    1. Harsh says

      This is a Cerber 5. There is no decryptor tool available for Cerber 5. We shall update the blog as and when the tool is available.

  2. Atiq says

    Hi Harsh, all my files are having an extension as .8908. Is there any decryptor tool available for this? My files are as they are and I haven't moved them. Do you think it would be a good idea to run some decryptors or antivirus and see whether I can get my docs back? Or shall I move the files to an external hard drive and wait for a tool to be available? My hard drive is infected but my C drive and all programs are working.

    Pls comment and suggest

  3. carlos says

    Please advise when you are with the solution for Cerber 5. I have files with extension (ao4e).

  4. carlos says

    Please advise when you are with the solution for Cerber 5. I have files with extension (ao4e).

    1. Harsh says

      There is no Cerber 5 decryption tool available yet. We will inform you if there is any solution available.

  5. Yinek says

    My computer is infected by Cerber Ransomware. Extension file name is .906B, what can I use to decrypt my files? Please help.
